HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nicolodev

no profile record

Submissions

Challenges in Decompilation and Reverse Engineering of CUDA Kernels [video]

youtube.com
2 points·by nicolodev·3 माह पहले·0 comments

Challenges in Decompilation and RE of CUDA-Based Kernels [video]

youtube.com
8 points·by nicolodev·4 माह पहले·0 comments

Show HN: IPA, a GUI for exploring inner details of PDFs

github.com
270 points·by nicolodev·2 वर्ष पहले·50 comments

Nyxstone: An LLVM-based (Dis)assembly Framework

github.com
2 points·by nicolodev·2 वर्ष पहले·0 comments

Scaling Up Malware Analysis with Gemini 1.5 Flash

cloud.google.com
2 points·by nicolodev·2 वर्ष पहले·0 comments

Nyxstone: An LLVM-based (Dis)assembly Framework

github.com
7 points·by nicolodev·2 वर्ष पहले·0 comments

The Role of the Control Flow Graph in Static Analysis

nicolo.dev
2 points·by nicolodev·2 वर्ष पहले·0 comments

Show HN: MicroSCOPE – identify ransomware statically with heuristics

github.com
7 points·by nicolodev·2 वर्ष पहले·3 comments

Template for writing technical RFC docs

lambrospetrou.com
1 points·by nicolodev·3 वर्ष पहले·0 comments

The Role of the Control Flow Graph in Static Analysis

nicolo.dev
6 points·by nicolodev·3 वर्ष पहले·1 comments

The One Line That Ruined Hallmark Movies for Me

theartofdoingstuff.com
2 points·by nicolodev·3 वर्ष पहले·4 comments

Should AI Be Held Liable When Things Go Wrong?

zenaassaad.com
2 points·by nicolodev·3 वर्ष पहले·2 comments

AI safety regulation threatens our digital freedoms

togelius.blogspot.com
3 points·by nicolodev·3 वर्ष पहले·0 comments

The Role of the Control Flow Graph in Static Analysis

nicolo.dev
2 points·by nicolodev·3 वर्ष पहले·0 comments

Morgan Stanley warns on 'below seasonal' Apple Dec. guidance

applemust.com
2 points·by nicolodev·3 वर्ष पहले·0 comments

Recyclable, paper RFID tags look like a work of magic

yankodesign.com
1 points·by nicolodev·3 वर्ष पहले·0 comments

UK: London Book Fair Names Its 2024 'Authors of the Day'

publishingperspectives.com
1 points·by nicolodev·3 वर्ष पहले·0 comments

New Map APIs from Google

cloud.google.com
241 points·by nicolodev·3 वर्ष पहले·117 comments

Turn a static SVG into an interactive one, with Flourish

flowingdata.com
1 points·by nicolodev·3 वर्ष पहले·0 comments

Quantum Supremacy Explained

bigthink.com
1 points·by nicolodev·3 वर्ष पहले·0 comments

comments

nicolodev
·3 माह पहले·discuss
It’s astonishing how nobody hasn’t mentioned abstract interpretation yet. Under classical static analysis, if you can “prove” that a variable does not have values in some unsound zones, you can e.g. “prove” soundness or apply further optimizations.

The interval abstract domain works under interval analysis with an algebra that’s the same of this calculator. It’s funny to implement something like that on source/binary level :)
nicolodev
·पिछला वर्ष·discuss
Hi! OP here, thanks for submitting it to hacker news, if anyone have any questions, feel free to write here!
nicolodev
·2 वर्ष पहले·discuss
Another good replacement for capstone/keystone based on LLVM is nyxstone https://github.com/emproof-com/nyxstone
nicolodev
·2 वर्ष पहले·discuss
yeah I agree, and while everyone is suggesting tools which are really good but I designed mine to get rid of the flags and CLI interface. Good for tech people that keeps remembering flags, I'm not :(
nicolodev
·2 वर्ष पहले·discuss
> mutool clean -d in.pdf out. pdf

My tool can do exactly the same (viewing internal structure, exporting objects, and see the uncompressed raw content for stream) with a graphical interface and without all this kind of flags (which one of the reasons I started to design this project with egui), but thanks for posting yours too.
nicolodev
·2 वर्ष पहले·discuss
Thanks! Immediate paradigm might be a little bit scary if you used to play with Qt, but looks easy to manage and it's really interactive
nicolodev
·2 वर्ष पहले·discuss
argh, that's too bad, feel free to open an issue, what's happening in the console? It's panicking, isn't it? Feel free to contact me via email if you prefer
nicolodev
·2 वर्ष पहले·discuss
Nice! My tool should be runnable in the browser thanks to wasm compatibility with Rust + egui :) Btw I've just tried it, and it's a little bit buggy in Safari with a 504kb PDF (lots of objects though). Apart from that, is there a way to export the raw stream? Is there any reason of do you print all the raw streams as a text?
nicolodev
·2 वर्ष पहले·discuss
:D Well, I'm sure that half of reverse engineering community needs to thank you, and Zynamics for the important contribution for tools of static analysis. I just take the occasion to thank you for being an inspiration with such awesome tools like in BinNavi, BinDiff, and ultimately PDF dissector. When I was reading that it got discontinued, I just had that idea and started to reason about something focused on analysis, and applying some approaches we've already seen for the binary analysis tools.
nicolodev
·2 वर्ष पहले·discuss
Thanks for the list, the idea behind my tool was to try to code something that might fit an analyst that would take a fast look at the PDF. I'm also trying to figure out some fast heuristics to mark/highlight some peculiar stuff on the file itself.

Now regarding the tools you mentioned, I haven't checked out all of them, but part of them are interesting (and more mature, speaking of testing and compatibility). However some (at least the ones I was trying) are very basic, and they don't allow the "Save object as.." or uncompress it. I like the feature of displaying the PDF for preview :)
nicolodev
·2 वर्ष पहले·discuss
I'd suggest you to code something along popular libraries for PDF manipulation. I've used pdf-rs for the tool.
nicolodev
·2 वर्ष पहले·discuss
Thanks, it seems a great product too :) Do you have any particular feature that you share that product for?
nicolodev
·2 वर्ष पहले·discuss
I’m writing a little tool for analysing a pdf and its internals, if author is interested or anyone else, just let me know :)
nicolodev
·2 वर्ष पहले·discuss
Neat, although some of them are actually helpful for specific articles. One thing that I actually seen as a pattern is over engineering the blog so much that features need maintenance.
nicolodev
·2 वर्ष पहले·discuss
Hi! I just wanted to post this project into HN and collect some feedbacks. Don't feel bad to just say "lol your approach won't work" because static analysis has always limits (e.g. obfuscated software) and many more.

The main goal was to build (another) software that given a PE executable in input, parse it and outputs some indicators of the similarity of it across the ransomware I studied (the classic ones). Naturally most of the advanced ransomware employed nowadays is able to circumvent it, only with a little bit of modifications. TL;DR: "a more advanced" pattern matching.

The description is here as follows:

MicroSCOPE is a software program developed through the Go programming language that allows for the detection of a precise category of malicious software. The program is designed specifically for a class of malicious programs called ransomware whose operation consists of data encryption and ransom demand in order to gain access to the content again.

In particular, MicroSCOPE was developed to be able to support two of the mainly used formats: the PE (Portable Executable) format for Windows platforms and ELF (Executable and Linking Format) for Unix-based platforms. Through the application of certain heuristics, MicroSCOPE is able to assign a score that corresponds to the level of dangerousness of the file being analyzed. The higher the score, the more similar characteristics the software will exhibit to ransomware that has already been studied. The heuristics have been extrapolated from numerous case studies and will be improved over time.
nicolodev
·3 वर्ष पहले·discuss
Ghidra was somehow usable, I got several crashes with Hopper. One question for more expert people than me: does Hopper employ any telemetry inside its demo version? Some issues I discovered were fixed in two days and I did not report them.
nicolodev
·3 वर्ष पहले·discuss
Ops! Forgot to write about it (otherwise it would be so long). I did not mention the tools, but I was mainly referring to Hopper Decompiler/Disassembler (definitely no no for me). Altough it seemed the natural choice for reverse engineering macOS applications and daemons, it failed disastrousely on reverse engineering fairplayd. This is where obfuscation is really good at: feeling pain. Hopper tried to disassemblate the binary but still no luck (there was an error due to some bogus instructions referred by a dead branch). I'm seeing improvements for Hopper release by release, but there were some regressions that I noticed..

I tried to import it into Ghidra and it missed some informations during the pass of stack analysis. At the end it was a mess result to read, so I ended it up with IDA (free because I'm a student). Binary ninja also needs some license, I'm trying to afford it.
nicolodev
·3 वर्ष पहले·discuss
Thanks a lot!!! I can't believe I meet you on HN, great work so far
nicolodev
·3 वर्ष पहले·discuss
Sorry! My fault
nicolodev
·3 वर्ष पहले·discuss
Okay; this was originally sent by me yesterday. Not sure why it shows 1 hour ago.

I have this URL in my browser history of yesterday. Probably I'm hit by the second chance pool.